Cook with AI Enrollment closed
AI & LLMs Runs locally

Secret Scanner

Scan code and config for API keys, tokens, private keys, and connection strings before pasting it into an AI tool. Runs in your browser.

ELI5

It checks your code for passwords and keys before you share it with an AI.

A little more detail

What this tool does

Pasting code into a chat or agent can leak credentials. This scanner runs fixed regex patterns for AWS keys, OpenAI and Anthropic tokens, GitHub PATs, JWTs, private key blocks, and database connection strings. Everything runs locally; nothing you paste leaves the browser.

Use it to
  • Check a file before pasting it into ChatGPT or Claude
  • Find hardcoded credentials in config and env files
  • Review a snippet for leaks before posting it publicly
Interactive workspace Results update as you type
Input

Input exceeds 200,000 characters. Only the first 200k is scanned.

Regex-based scanning catches known formats only. High-entropy custom secrets can slip through.

Results
Line Type Severity Match
If you found a real secret

Rotate the credential immediately, remove it from the code or config, and add the file to your AI ignore list so agents do not read it again. Use the AI ignore file generator to build a .cursorignore or similar file for your stack.

Nothing leaves your browser. This scanner runs entirely on your device. Pasted code, logs, and config are never uploaded, logged, or sent to any server. You can disconnect from the network and it still works.

Before you paste code into ChatGPT, Cursor, Claude, or any other AI tool, scan it for credentials. This tool matches fixed patterns for AWS keys, OpenAI and Anthropic tokens, GitHub and Slack tokens, Stripe keys, Google API keys, JWTs, private key blocks, database URLs with credentials, and common assignment syntax.

Matches are masked in the results table so you can confirm the finding without exposing the full value on screen. Regex detection is not exhaustive: short custom secrets, encrypted blobs, and rotated formats may not match. Treat a clean scan as one check in a longer safety workflow, not a guarantee.